7 matches found

Cvelist
added 2026/04/21 9:33 p.m., 23 views

CVE-2026-6830 Nesquena Hermes WebUI Environment Variable Credential Leakage via Profile Switch

nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching does not clear environment variables from the previously active profile before loading the next profile. Attackers or users can exploit additive dotenv reload behavior to access provider API keys...

CVSS 4.8, EPSS 0.00016
Exploits: 0, References: 5

Vulnrichment
added 2026/04/21 9:33 p.m., 0 views

CVE-2026-6830 Nesquena Hermes WebUI Environment Variable Credential Leakage via Profile Switch

nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching does not clear environment variables from the previously active profile before loading the next profile. Attackers or users can exploit additive dotenv reload behavior to access provider API keys...

CVSS 4.8, AI score 5.8, EPSS 0.00016
Exploits: 0, References: 5

CVE
added 2026/04/21 9:33 p.m., 9 views

CVE-2026-6830

The CVE concerns nesquena Hermes WebUI, where switching profiles fails to clear environment variables from the previous profile, enabling leakage of sensitive credentials (e.g., provider API keys) between profiles. The underlying issue is residual environment variables that persist across profile...

CVSS 4.8, AI score 5.8, EPSS 0.00016
Exploits: 0, References: 5

Positive Technologies
added 2026/04/21 12:0 a.m., 3 views

PT-2026-34194

nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching does not clear environment variables from the previously active profile before loading the next profile. Attackers or users can exploit additive dotenv reload behavior to access provider API keys...

CVSS 4.8, AI score 5.8, EPSS 0.00016
Exploits: 0, References: 7

EUVD
added 2025/10/07 3:19 p.m., 1 views

EUVD-2025-32793

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Take RTNL lock when needed before calling xdp_set_features(). Hold RTNL lock when calling xdp_set_features() with a registered netdev, as the call triggers the netdev notifiers. This could happen when switching from uplink rep ...

AI score 5.8, EPSS 0.0002
Exploits: 0, References: 3

OSV
added 2025/10/07 3:19 p.m., 3 views

CVE-2023-53632 net/mlx5e: Take RTNL lock when needed before calling xdp_set_features()

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Take RTNL lock when needed before calling xdp_set_features(). Hold RTNL lock when calling xdp_set_features() with a registered netdev, as the call triggers the netdev notifiers. This could happen when switching from uplink rep ...

CVSS 5.5, AI score 5.9, EPSS 0.0002
Exploits: 0, References: 5

RedHat Linux
added 2024/04/30 9:57 a.m., 1 views

kernel: net/mlx5e: Take RTNL lock when needed before calling xdp_set_features()

A locking flaw in the Mellanox mlx5 Ethernet driver allowed calls to xdp_set_features() without holding the required rtnetlink RTNL lock. A local administrator switching device profiles (for example, from an uplink representor to a Network Interface Card profile) could trigger notifier paths without...

CVSS 5.5, AI score 7.4, EPSS 0.0002
Exploits: 0, References: 5